{ config, pkgs, ... }:
let domain = "git.leaf.ninja";
in {
  services.forgejo = {
    enable = true;
    database.type = "postgres";
    lfs.enable = true;
    settings = {
      server = {
        DOMAIN = domain;
        ROOT_URL = "https://${domain}/";
        HTTP_PORT = 3000;
      };
      service.DISABLE_REGISTRATION = true;
      mailer = {
        ENABLED = true;
        SMTP_ADDR = "smtp.migadu.com";
        FROM = "forgejo@leaf.ninja";
        USER = "forgejo@$leaf.ninja";
      };
      webhook.ALLOWED_HOST_LIST =
        pkgs.lib.concatStringsSep "," [ "localhost" "::1" ];
    };
    secrets = {
      mailer.PASSWD = config.age.secrets.forgejo-mailer-password.path;
    };
  };

  services.caddy.virtualHosts.${domain}.extraConfig = ''
    reverse_proxy localhost:3000
  '';

  age.secrets.forgejo-mailer-password = {
    file = ./secrets/forgejo-mailer-password.age;
    mode = "400";
    owner = "forgejo";
  };
}